Latin American countries are not known for their cyber offensive capabilities and espionage, in fact just a handful of researchers have analyzed the cyber threat landscape of the region as far as the nation-states as the provoking actors are concerned. This article is aimed at fact-finding the cyber offensive capabilities and espionage operations performed by Latin American countries.
The perception of a long-peace in Latin America concerning conventional conflicts stretches from the second half of the 19th Century to these days. This is often extrapolated to the cyber domain, where assessments indicate that those countries are not capable or are not engaged in cyber offensive actions against its neighboring countries. The long-peace also suggests that the major security issues in Latin America are non-state actors such as drug-cartels, organized criminals and paramilitary groups. If this view is applied to cyberspace, the Latin American cyber threat actors are considered to be cybercriminals and hacktivists. Although evidence suggests that cybercrime is a rampant security issue in Latin America, one should not quickly disregard the potential threat presented by the state actors.
According to recent studies, it is evident that by 2021, at least 29 nations in the world are found to be engaged in state-sponsored cyber offensive operations, and 86 countries have acquired some cyber offensive artifacts. From the former, two countries performed offensive actions and from the later, ten Latin American countries acquired cyber offensive capabilities from private vendors.
Protagonists and Victims
In Latin America, Mexico and Panama have been reportedly engaged in state-sponsored cyber offensive operations. The targets of both countries were mainly their nationals settled in foreign countries with the motivation of political espionage. These cyber offensive campaigns were successfully conducted with the use of Pegasus spyware provided by the NSO Group –that develops sophisticated technology for government agencies to help them detect terrorism and crime. The Pegasus spyware allows those agencies to surveil victim’s routine activities and interests through the compromised devices.
The Citizen Lab, affiliated with the Munk School at Toronto University identified 25 people targeted by the Mexican campaign, which includes lawyers, political figures, NGOs, and activists. The goal of that campaign was to collect information from personal and corporate assets for political reasons. The purpose of this hacking campaign with the use of Pegasus was to survey and collect the target’s personal information through malware infected devices, smartphones and personal computers.
The Panamanian espionage campaign evidence points to the former President of Panama, Ricardo Martinelli, as a user of the NSO Group spyware to monitor over 150 politicians. Among the targets includes some of the staff at the United States Embassy in Panama, political consultants working for the former President’s opponents in the Presidential election of 2015, including Christian Ferry and U.S. Army Colonel (Retd.) Richard Downie.
Contenders Acquiring Offensive Capability
The Latin American countries, which have acquired cyber offensive competencies include; Brazil, Chile, Colombia, Ecuador, Honduras, Guatemala, Mexico, Panama, Paraguay, and Venezuela. The evidence supporting this claim was gathered from data breaches suffered by the private vendors called Hacking Team and Gamma Group. The information disclosed included the name of customers and the countries acquiring the technology. Another source that addressed the acquisition of capabilities is the report from The Citizen Lab and its brilliant analysis on the use of Pegasus spyware worldwide.
Figure 1 – Latin American Countries that attained Cyber Offensive Capabilities
The data identifying the customers in each country is an indication that cyber offensive capabilities are likely to be used in a low oversight context (by intelligence agencies). It also suggests that the use of these proficiencies could be domestic targets, but it may also be used in an extraterritorial manner. Table 1 displays the countries, private vendors, customers (when it was identified), and the total number of purchases.
Table 1 – Cyber Offensive Capabilities
Recommendation
A cybersecurity expert, Joseph Steinberg commented on the emergence of this black and gray market for hacking tools and said, “Because governments around the world can now obtain powerful hacking tools at relatively low costs from commercial providers and other sources, there is essentially no technological barrier to entry for governments when it comes to cyber spying on individuals”. He further explained, “In the past, many government entities could not perform various forms of cyber espionage because they did not have the technical capabilities to do so. Today, that limitation simply does not exist – and, as such, it is the enforcement of rights that serves as the primary mechanism of protection for innocent civilians”. To underscore the policy implications, he said, “In light of numerous reports from around the world of potentially inappropriate and illegal cyber espionage, policymakers must, therefore, rekindle their efforts to ensure that such rights are fully clarified and protected.”
On the basis of available data and reports published in the media, it is evident that the Latin American countries are far from cyber pacifists. The fact that ten countries acquired cyber offensive capabilities and two of them have already deployed it to pursue political objectives outside their borders manifests that the region may be forgotten, but is not peaceful and ideal. Additional concern with the fact is that Mexico (La Dependencia y/o Cisen), Panama (Presidential Security), Colombia (DIPOL), Ecuador (SENAIN), and Guatemala (MOI) have deployed these offensive cyber capabilities within their intelligence agencies. Historically, intelligence activities in Latin America are not withheld by constitutional guarantees or judicial oversight, which could become a concern against human rights.
By highlighting these facts and relevant information, it is imperative for Latin American citizens and civil society to raise their voices against cyber operations and espionage targeting journalists, politicians, and activists, etc. A further research and in-depth study of the actual level of cyber offensive capabilities and their potential targets in Latin American countries is also needed. For regional foreign policy analysis, it is important to take into account the fact that countries with cyber offensive tools could engage in state-sponsored espionage, as the use of these tools can help achieve national strategic objectives. It may also pose a serious threat to the region if the acquired cyber offensive capabilities are used against one another.
Eduardo Izycki is a MA in International Peace and Security from the King’s College London, a veteran risk assessment manager for Major Events (WC 2014 and Rio 2016), and a former Critical Infrastructure coordinator for the Brazilian Government. He is currently working as a researcher at Global Foundation for Cyber Studies and Research, USA.
